Analysis

  • max time kernel
    33s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/07/2023, 13:29 UTC

General

  • Target

    remittance payment.html

  • Size

    124KB

  • MD5

    81afb5a1c9412a844acc331abe2db2da

  • SHA1

    fdcd44789f907e3c38b4b6ead135dde759398df4

  • SHA256

    1496f4195a630217125bcfe61603d5c32d3aa11cf55678e4df551452cbdc5353

  • SHA512

    7b00786755f58bf8a86fcd9def3723858ad299944d6f8a6267063e46e46ba0b95b2683e3d66128ab701afe42dd0588ab0dea7a95b4a952e19028f9f6c523eea0

  • SSDEEP

    3072:mk3r7+NRGyE9Je3xIVbLBiE586hcUnR3qTF8bNNG5v+2:z7+zGycCxIVbLBliMR3qA3kv+2

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\remittance payment.html"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9fcb9758,0x7ffd9fcb9768,0x7ffd9fcb9778
      2⤵
      PID:1512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:2
      2⤵
      PID:2696
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:1260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:1224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:1
      2⤵
      PID:2916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:1
      2⤵
      PID:3024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:3528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:1348
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:4152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:3392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
      2⤵
      PID:2272
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3836

Network

                            • flag-us
                              DNS
                              stackpath.bootstrapcdn.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              stackpath.bootstrapcdn.com
                              IN A
                              Response
                              stackpath.bootstrapcdn.com
                              IN A
                              104.18.10.207
                              stackpath.bootstrapcdn.com
                              IN A
                              104.18.11.207
                            • flag-us
                              DNS
                              cdnjs.cloudflare.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                              Response
                              cdnjs.cloudflare.com
                              IN A
                              104.17.25.14
                              cdnjs.cloudflare.com
                              IN A
                              104.17.24.14
                            • flag-us
                              DNS
                              ajax.googleapis.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              ajax.googleapis.com
                              IN A
                              Response
                              ajax.googleapis.com
                              IN A
                              142.251.36.42
                            • flag-us
                              GET
                              https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
                              chrome.exe
                              Remote address:
                              104.17.25.14:443
                              Request
                              GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/2.0
                              host: cdnjs.cloudflare.com
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Wed, 05 Jul 2023 13:29:58 GMT
                              content-type: text/css; charset=utf-8
                              content-length: 5631
                              access-control-allow-origin: *
                              cache-control: public, max-age=30672000
                              content-encoding: br
                              etag: "5eb03e5f-7918"
                              last-modified: Mon, 04 May 2020 16:10:07 GMT
                              cf-cdnjs-via: cfworker/kv
                              cross-origin-resource-policy: cross-origin
                              timing-allow-origin: *
                              x-content-type-options: nosniff
                              vary: Accept-Encoding
                              cf-cache-status: HIT
                              age: 3091296
                              expires: Mon, 24 Jun 2024 13:29:58 GMT
                              accept-ranges: bytes
                              report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQm3osT5J8olqNJWHo%2Fk6ODb51H8WiApfjr5bZP1TNNCCxyO09m0%2BRzBoBsqUuc8Ed3S6SzJ2PrBZtm5KpzhXFptXiDynZHe%2BOdiKxcIOAy4HV5vDXCLJ5fDWJR%2F%2BA7%2BpBlV0Gmq"}],"group":"cf-nel","max_age":604800}
                              nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                              strict-transport-security: max-age=15780000
                              server: cloudflare
                              cf-ray: 7e1ff5bb7fefb968-AMS
                              alt-svc: h3=":443"; ma=86400
                            • flag-us
                              GET
                              https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
                              chrome.exe
                              Remote address:
                              104.18.10.207:443
                              Request
                              GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/2.0
                              host: stackpath.bootstrapcdn.com
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Wed, 05 Jul 2023 13:29:58 GMT
                              content-type: text/css; charset=utf-8
                              vary: Accept-Encoding
                              cdn-pullzone: 252412
                              cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
                              cdn-requestcountrycode: NL
                              cache-control: public, max-age=31919000
                              last-modified: Mon, 25 Jan 2021 22:04:08 GMT
                              access-control-allow-origin: *
                              cdn-cachedat: 07/27/2021 10:45:59
                              cdn-edgestorageid: 766
                              cdn-requestpullcode: 200
                              cdn-requestpullsuccess: True
                              timing-allow-origin: *
                              cross-origin-resource-policy: cross-origin
                              x-content-type-options: nosniff
                              cdn-proxyver: 1.0
                              cdn-status: 200
                              cdn-requestid: d340f8654a4f39d0647fd3c821d8fb7a
                              cdn-cache: HIT
                              cf-cache-status: HIT
                              age: 21801593
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              server: cloudflare
                              cf-ray: 7e1ff5bb7cf70a75-AMS
                              content-encoding: br
                              alt-svc: h3=":443"; ma=86400
                            • flag-nl
                              GET
                              https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
                              chrome.exe
                              Remote address:
                              142.251.36.42:443
                              Request
                              GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/2.0
                              host: ajax.googleapis.com
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              DNS
                              maxcdn.bootstrapcdn.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              maxcdn.bootstrapcdn.com
                              IN A
                              Response
                              maxcdn.bootstrapcdn.com
                              IN A
                              104.18.11.207
                              maxcdn.bootstrapcdn.com
                              IN A
                              104.18.10.207
                            • flag-us
                              GET
                              https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
                              chrome.exe
                              Remote address:
                              104.18.11.207:443
                              Request
                              GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/2.0
                              host: maxcdn.bootstrapcdn.com
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              origin: null
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Wed, 05 Jul 2023 13:29:58 GMT
                              content-type: application/javascript; charset=utf-8
                              vary: Accept-Encoding
                              cdn-pullzone: 252412
                              cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
                              cdn-requestcountrycode: US
                              cdn-edgestorageid: 617
                              last-modified: Mon, 25 Jan 2021 22:04:00 GMT
                              cdn-cachedat: 2021-06-08 14:35:59
                              cdn-requestpullsuccess: True
                              cdn-requestpullcode: 200
                              cache-control: public, max-age=31919000
                              timing-allow-origin: *
                              cross-origin-resource-policy: cross-origin
                              access-control-allow-origin: *
                              x-content-type-options: nosniff
                              cdn-requestid: eefa06f81ccaf21fa5451ec613a67069
                              cdn-cache: HIT
                              cf-cache-status: HIT
                              age: 2354215
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              server: cloudflare
                              cf-ray: 7e1ff5bc6f19b788-AMS
                              content-encoding: br
                              alt-svc: h3=":443"; ma=86400
                            • flag-us
                              DNS
                              1000logos.net
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              1000logos.net
                              IN A
                              Response
                              1000logos.net
                              IN A
                              172.67.71.45
                              1000logos.net
                              IN A
                              104.26.8.175
                              1000logos.net
                              IN A
                              104.26.9.175
                            • flag-us
                              GET
                              https://1000logos.net/wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png
                              chrome.exe
                              Remote address:
                              172.67.71.45:443
                              Request
                              GET /wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png HTTP/2.0
                              host: 1000logos.net
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Wed, 05 Jul 2023 13:29:58 GMT
                              content-type: image/png
                              content-length: 25979
                              last-modified: Sat, 12 Feb 2022 06:15:35 GMT
                              etag: "62075087-657b"
                              cf-cache-status: HIT
                              age: 1840
                              accept-ranges: bytes
                              report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjBaD%2BBypUaqgWJDmx1z22Ry6D1VxXWfnfoWaF8uv6%2FgqfKGTxdnLHOkKs%2BXpfd6%2BWCQQvTtGLIX7yOyMILGvqon7cfHfwJed33S5fCmVC5C9h7pDD1oXIoHQrpCuAU%3D"}],"group":"cf-nel","max_age":604800}
                              nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              vary: Accept-Encoding
                              server: cloudflare
                              cf-ray: 7e1ff5bc9a0e0a64-AMS
                            • flag-us
                              DNS
                              195.179.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              195.179.250.142.in-addr.arpa
                              IN PTR
                              Response
                              195.179.250.142.in-addr.arpa
                              IN PTR
                               ams15s42-in-f3.1e100.net
                            • flag-us
                              DNS
                              202.179.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              202.179.250.142.in-addr.arpa
                              IN PTR
                              Response
                              202.179.250.142.in-addr.arpa
                              IN PTR
                               ams15s42-in-f10.1e100.net
                            • flag-us
                              DNS
                              14.25.17.104.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              14.25.17.104.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              207.10.18.104.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              207.10.18.104.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              42.36.251.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              42.36.251.142.in-addr.arpa
                              IN PTR
                              Response
                              42.36.251.142.in-addr.arpa
                              IN PTR
                               ams17s12-in-f10.1e100.net
                            • flag-us
                              DNS
                              207.11.18.104.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              207.11.18.104.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              45.71.67.172.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              45.71.67.172.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              assets.msn.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              assets.msn.com
                              IN A
                              Response
                              assets.msn.com
                              IN CNAME
                              assets.msn.com.edgekey.net
                              assets.msn.com.edgekey.net
                              IN CNAME
                              e28578.d.akamaiedge.net
                              e28578.d.akamaiedge.net
                              IN A
                              2.16.241.97
                              e28578.d.akamaiedge.net
                              IN A
                              2.16.241.76
                            • flag-de
                              GET
                              https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask
                              Remote address:
                              2.16.241.97:443
                              Request
                              GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
                              host: assets.msn.com
                              x-search-account: None
                              accept-encoding: gzip, deflate
                              x-device-machineid: {9A0AA320-02A9-4895-93BF-E83F6D53852E}
                              x-userageclass: Unknown
                              x-bm-market: US
                              x-bm-dateformat: M/d/yyyy
                              x-device-ossku: 48
                              x-bm-dtz: 0
                              x-deviceid: 0100B2E609000CC3
                              x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
                              sitename: www.msn.com
                              x-bm-theme: 000000;0078d7
                              muid: F6100D52207B421D8A275B2B199B44DD
                              x-agent-deviceid: 0100B2E609000CC3
                              x-bm-onlinesearchdisabled: true
                              x-bm-cbt: 1688563799
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              x-device-isoptin: false
                              accept-language: en-US, en
                              x-device-touch: false
                              x-device-clientsession: FA61E94E177247B7842B9167E3BFA68A
                              cookie: MUID=F6100D52207B421D8A275B2B199B44DD
                              Response
                              HTTP/2.0 200
                              content-type: application/json; charset=utf-8
                              server: Kestrel
                              access-control-allow-credentials: true
                              access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
                              access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
                              access-control-allow-origin: *.msn.com
                              access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
                              content-encoding: gzip
                              ddd-authenticatedwithjwtflow: False
                              ddd-usertype: AnonymousMuid
                              ddd-tmpl: lowT:0;IsRecoNewUser:1;coldStart:1;coldStartUpsell:1;lowC:0;BingRecoCode:Success;SageUser:0;winbadge:1;partialResponse:1;tbn:0
                              x-wpo-activityid: 5B31D1E8-711B-489E-B986-6B665F863213|2023-07-05T13:30:01.7212928Z|fabric:/wpo|FRC|WPO_33
                              ddd-feednewsitemcount: 1
                              ddd-activityid: 5b31d1e8-711b-489e-b986-6b665f863213
                              ddd-strategyexecutionlatency: 00:00:00.6204282
                              ddd-debugid: 5b31d1e8-711b-489e-b986-6b665f863213|2023-07-05T13:30:01.7264825Z|fabric:/winfeed|FRC|WinFeed_2
                              onewebservicelatency: 622
                              x-msedge-responseinfo: 622
                              x-ceto-ref: 64a57059846447488a90cf80c132e052|2023-07-05T13:30:01.101Z
                              expires: Wed, 05 Jul 2023 13:30:01 GMT
                              date: Wed, 05 Jul 2023 13:30:01 GMT
                              content-length: 1528
                              akamai-request-bc: [a=2.16.240.33,b=27741844,c=g,n=DE_HE_FRANKFURT,o=20940],[a=20.74.25.147,c=o]
                              server-timing: clientrtt; dur=24, clienttt; dur=634, origin; dur=633 , cdntime; dur=1
                              akamai-cache-status: Miss from child
                              akamai-server-ip: 2.16.240.33
                              akamai-request-id: 1a74e94
                              x-as-suppresssetcookie: 1
                              cache-control: private, max-age=0
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                              timing-allow-origin: *
                              vary: Origin
                            • Country: US
                              DNS
                              clients2.google.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              clients2.google.com
                              IN A
                              Response
                              clients2.google.com
                              IN CNAME
                              clients.l.google.com
                              clients.l.google.com
                              IN A
                              142.251.36.46
                            • Country: US
                              DNS
                              97.241.16.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              97.241.16.2.in-addr.arpa
                              IN PTR
                              Response
                              97.241.16.2.in-addr.arpa
                              IN PTR
                              a2-16-241-97.deploy.static.akamaitechnologies.com
                            • Country: US
                              DNS
                              46.36.251.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              46.36.251.142.in-addr.arpa
                              IN PTR
                              Response
                              46.36.251.142.in-addr.arpa
                              IN PTR
                              ams17s12-in-f14.1e100.net
                            • Country: US
                              DNS
                              fronterz.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              fronterz.com
                              IN A
                              Response
                              fronterz.com
                              IN A
                              178.208.94.221
                            • Country: RU
                              POST
                              https://fronterz.com/hunter/hunt/baby6.php
                              chrome.exe
                              Remote address:
                              178.208.94.221:443
                              Request
                              POST /hunter/hunt/baby6.php HTTP/2.0
                              host: fronterz.com
                              content-length: 64
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              accept: application/json, text/javascript, */*; q=0.01
                              content-type: application/x-www-form-urlencoded; charset=UTF-8
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              origin: null
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx
                              date: Wed, 05 Jul 2023 13:30:20 GMT
                              content-type: application/json
                              x-powered-by: PHP/8.0.29
                              access-control-allow-origin: *
                              x-powered-by: PleskLin
                              content-encoding: br
                            • Country: US
                              DNS
                              apps.identrust.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              apps.identrust.com
                              IN A
                              Response
                              apps.identrust.com
                              IN CNAME
                              identrust.edgesuite.net
                              identrust.edgesuite.net
                              IN CNAME
                              a1952.dscq.akamai.net
                              a1952.dscq.akamai.net
                              IN A
                              92.122.101.18
                              a1952.dscq.akamai.net
                              IN A
                              92.122.101.41
                            • Country: NL
                              GET
                              http://apps.identrust.com/roots/dstrootcax3.p7c
                              chrome.exe
                              Remote address:
                              92.122.101.18:80
                              Request
                              GET /roots/dstrootcax3.p7c HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Microsoft-CryptoAPI/10.0
                              Host: apps.identrust.com
                              Response
                              HTTP/1.1 200 OK
                              X-XSS-Protection: 1; mode=block
                              Strict-Transport-Security: max-age=15768000
                              X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              Content-Security-Policy: default-src 'self' *.identrust.com
                              Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
                              ETag: "37d-5f433188daa00"
                              Accept-Ranges: bytes
                              Content-Length: 893
                              X-Content-Type-Options: nosniff
                              X-Frame-Options: sameorigin
                              Content-Type: application/pkcs7-mime
                              Cache-Control: max-age=3600
                              Expires: Wed, 05 Jul 2023 14:30:20 GMT
                              Date: Wed, 05 Jul 2023 13:30:20 GMT
                              Connection: keep-alive
                            • Country: US
                              DNS
                              221.94.208.178.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              221.94.208.178.in-addr.arpa
                              IN PTR
                              Response
                              221.94.208.178.in-addr.arpa
                              IN PTR
                              hosted-by.mchost.ru
                            • Country: US
                              DNS
                              18.101.122.92.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              18.101.122.92.in-addr.arpa
                              IN PTR
                              Response
                              18.101.122.92.in-addr.arpa
                              IN PTR
                              a92-122-101-18.deploy.static.akamaitechnologies.com
                            • 104.17.25.14:443
                              https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
                              tls, http2
                              chrome.exe
                              1.8kB
                              9.7kB
                              15
                              16

                              HTTP Request

                              GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

                              HTTP Response

                              200
                            • 104.18.10.207:443
                              https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
                              tls, http2
                              chrome.exe
                              2.1kB
                              29.4kB
                              23
                              32

                              HTTP Request

                              GET https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

                              HTTP Response

                              200
                            • 142.251.36.42:443
                              https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
                              tls, http2
                              chrome.exe
                              2.2kB
                              39.5kB
                              23
                              35

                              HTTP Request

                              GET https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
                            • 104.18.11.207:443
                              https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
                              tls, http2
                              chrome.exe
                              1.8kB
                              14.4kB
                              15
                              19

                              HTTP Request

                              GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

                              HTTP Response

                              200
                            • 172.67.71.45:443
                              https://1000logos.net/wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png
                              tls, http2
                              chrome.exe
                              2.1kB
                              30.8kB
                              21
                              31

                              HTTP Request

                              GET https://1000logos.net/wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png

                              HTTP Response

                              200
                            • 2.16.241.97:443
                              https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask
                              tls, http2
                              2.6kB
                              10.6kB
                              20
                              19

                              HTTP Request

                              GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

                              HTTP Response

                              200
                            • 142.251.36.46:443
                              clients2.google.com
                              tls, http2
                              chrome.exe
                              953 B
                              8.3kB
                              8
                              9
                            • 178.208.94.221:443
                              https://fronterz.com/hunter/hunt/baby6.php
                              tls, http2
                              chrome.exe
                              1.9kB
                              6.0kB
                              14
                              13

                              HTTP Request

                              POST https://fronterz.com/hunter/hunt/baby6.php

                              HTTP Response

                              200
                            • 92.122.101.18:80
                              http://apps.identrust.com/roots/dstrootcax3.p7c
                              http
                              chrome.exe
                              324 B
                              1.6kB
                              4
                              4

                              HTTP Request

                              GET http://apps.identrust.com/roots/dstrootcax3.p7c

                              HTTP Response

                              200
                            • 8.8.8.8:53
                              stackpath.bootstrapcdn.com
                              dns
                              chrome.exe
                              72 B
                              104 B
                              1
                              1

                              DNS Request

                              stackpath.bootstrapcdn.com

                              DNS Response

                              104.18.10.207
                              104.18.11.207

                            • 8.8.8.8:53
                              cdnjs.cloudflare.com
                              dns
                              chrome.exe
                              66 B
                              98 B
                              1
                              1

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Response

                              104.17.25.14
                              104.17.24.14

                            • 8.8.8.8:53
                              ajax.googleapis.com
                              dns
                              chrome.exe
                              65 B
                              81 B
                              1
                              1

                              DNS Request

                              ajax.googleapis.com

                              DNS Response

                              142.251.36.42

                            • 104.17.25.14:443
                              cdnjs.cloudflare.com
                              https
                              chrome.exe
                              6.6kB
                              93.0kB
                              46
                              85
                            • 8.8.8.8:53
                              maxcdn.bootstrapcdn.com
                              dns
                              chrome.exe
                              69 B
                              101 B
                              1
                              1

                              DNS Request

                              maxcdn.bootstrapcdn.com

                              DNS Response

                              104.18.11.207
                              104.18.10.207

                            • 8.8.8.8:53
                              1000logos.net
                              dns
                              chrome.exe
                              59 B
                              107 B
                              1
                              1

                              DNS Request

                              1000logos.net

                              DNS Response

                              172.67.71.45
                              104.26.8.175
                              104.26.9.175

                            • 8.8.8.8:53
                              195.179.250.142.in-addr.arpa
                              dns
                              74 B
                              112 B
                              1
                              1

                              DNS Request

                              195.179.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              202.179.250.142.in-addr.arpa
                              dns
                              74 B
                              113 B
                              1
                              1

                              DNS Request

                              202.179.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              14.25.17.104.in-addr.arpa
                              dns
                              71 B
                              133 B
                              1
                              1

                              DNS Request

                              14.25.17.104.in-addr.arpa

                            • 8.8.8.8:53
                              207.10.18.104.in-addr.arpa
                              dns
                              72 B
                              134 B
                              1
                              1

                              DNS Request

                              207.10.18.104.in-addr.arpa

                            • 8.8.8.8:53
                              42.36.251.142.in-addr.arpa
                              dns
                              72 B
                              111 B
                              1
                              1

                              DNS Request

                              42.36.251.142.in-addr.arpa

                            • 8.8.8.8:53
                              207.11.18.104.in-addr.arpa
                              dns
                              72 B
                              134 B
                              1
                              1

                              DNS Request

                              207.11.18.104.in-addr.arpa

                            • 8.8.8.8:53
                              45.71.67.172.in-addr.arpa
                              dns
                              71 B
                              133 B
                              1
                              1

                              DNS Request

                              45.71.67.172.in-addr.arpa

                            • 8.8.8.8:53
                              assets.msn.com
                              dns
                              60 B
                              166 B
                              1
                              1

                              DNS Request

                              assets.msn.com

                              DNS Response

                              2.16.241.97
                              2.16.241.76

                            • 8.8.8.8:53
                              clients2.google.com
                              dns
                              chrome.exe
                              65 B
                              105 B
                              1
                              1

                              DNS Request

                              clients2.google.com

                              DNS Response

                              142.251.36.46

                            • 142.251.36.46:443
                              clients2.google.com
                              https
                              chrome.exe
                              3.9kB
                              9.4kB
                              15
                              14
                            • 224.0.0.251:5353
                              chrome.exe
                              204 B
                              3
                            • 8.8.8.8:53
                              97.241.16.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              97.241.16.2.in-addr.arpa

                            • 8.8.8.8:53
                              46.36.251.142.in-addr.arpa
                              dns
                              72 B
                              111 B
                              1
                              1

                              DNS Request

                              46.36.251.142.in-addr.arpa

                            • 8.8.8.8:53
                              fronterz.com
                              dns
                              chrome.exe
                              58 B
                              74 B
                              1
                              1

                              DNS Request

                              fronterz.com

                              DNS Response

                              178.208.94.221

                            • 8.8.8.8:53
                              apps.identrust.com
                              dns
                              chrome.exe
                              64 B
                              165 B
                              1
                              1

                              DNS Request

                              apps.identrust.com

                              DNS Response

                              92.122.101.18
                              92.122.101.41

                            • 8.8.8.8:53
                              221.94.208.178.in-addr.arpa
                              dns
                              73 B
                              106 B
                              1
                              1

                              DNS Request

                              221.94.208.178.in-addr.arpa

                            • 8.8.8.8:53
                              18.101.122.92.in-addr.arpa
                              dns
                              72 B
                              137 B
                              1
                              1

                              DNS Request

                              18.101.122.92.in-addr.arpa

                            MITRE ATT&CK Enterprise v6

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              873B

                              MD5

                              cb811f8c0c3416b884c92c10f7191fac

                              SHA1

                              5e5115d36a79c6cb18217a919d7fd0ebb61cfa46

                              SHA256

                              b2c30c41911a71b2c87de59527a95969ca6d9ae880e4754b5257d3f34274b154

                              SHA512

                              df61eb4f38e2ec93c03daebd653db5c27f9ef16290c1a914fe005afe395d5cb2693661ed1388cabf0afa1349d8fcf701de9f27bafb8d6c67ce9830b6a5e8ad99

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              f0360bcc89678cb07ed638fac64ec607

                              SHA1

                              5e47037a9e180e06bda995ccd44b85e3b59346b9

                              SHA256

                              b43f180df54c0dfa0b9f5dfcfe20cc1ab893a6c2b4b3fe8815e604a77715469e

                              SHA512

                              d405c2278e654d4edb3d4f3e2d042899c7fb0e155fceb96541d68d054a92ea07a475abc20b234b7f33431687f561c5d55d22302d083393d71b504790d2624aa0

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              173KB

                              MD5

                              ec75af70766fe09708d83cedd715e6da

                              SHA1

                              55c87b9e05a544ab3a256e30d457c2a3d6775903

                              SHA256

                              b5720cbd4daed9edd4b8556e22406403cd9cddc423f659d971e3e93fd31a4e52

                              SHA512

                              f64522a194f9910c0a67c19e05149d84e35e537c27c2d12c97961cca5ccb69425ab21f0c43f4260736550139f9be05e9775e658de756b03f5d1c6f9f28190ad0

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              89KB

                              MD5

                              716e8dba4338b8b1a4bf045858b46044

                              SHA1

                              4b1573f099ecb9f652b211f576c48fe3aa5aaafa

                              SHA256

                              2f22024c8a76a8338e0a600aa35b29414894ab0fbe427982cd4b75643ec55f34

                              SHA512

                              684149b3fc9e53247cf65b7526c82e6873ba000b17c156be9d665a441950522824cdde70f836a632274326b4cdffa653701dd4f9455b29e84f3c29a13e6138f6

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                              Filesize

                              2B

                              MD5

                              99914b932bd37a50b983c5e7c90ae93b

                              SHA1

                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                              SHA256

                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                              SHA512

                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                              Filesize

                              2B

                              MD5

                              f3b25701fe362ec84616a93a45ce9998

                              SHA1

                              d62636d8caec13f04e28442a0a6fa1afeb024bbb

                              SHA256

                              b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                              SHA512

                              98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
